The Co-operative Bank's odd re-directing behaviour

 by Martin Belam, 15 November 2006

"Phishing" attacks on internet banking sites have become one of the modern scourges of the web, to the extent that the last two major internet browser releases for PCs both made a song and dance about their anti-phishing filters.

One of the key battlegrounds in fighting this kind of crime is in educating users about the risks posed to them by phishing, teaching them how to recognise it, and how to protect themselves.

For some time now I have been concerned that the Co-operative Bank's internet facility does not give the right messages out to users. I should add that I am a very happy customer of the bank, which I use specifically for their ethical stance, and I don't mean in any way to imply that their internet banking facility is unsafe. However, it does display some very odd behaviour.

The first bit of odd behaviour occurs when you first type in the URL - http://www.co-operativebank.co.uk

What happens is that you get a title bar message indicating that you are being re-directed, even before any on-screen elements have loaded.

Redirecting to Production site
Bank redirect

A second strange behaviour happens when you select the personal banking option from their internet banking menu.

Internet banking menu

As the request is processed, another re-direction is flagged up by the browser:

Redirecting to PBIBS site
Redirected again

I'm sure there are perfectly good technical architecture reasons for building the site this way, but I can't help feeling that getting their customers used to the concept that you frequently get "re-directed" when you are doing online banking will not help in the long term to educate those users about how to spot a phishing attack.

All of which is quite ironic, since having gone from server pillar to post, when you do get to log on to the Co-op's internet banking service, the first thing that greets you at the moment is an anti-phishing warning.

The banks anti-phishing warning

7 Comments

I agree! Just logged on to the co-op site & got the redirected bit. So googled for 'PBIBS' & found your comment. I see you wrote it in 2006. Have you told the co-op about your concerns?

Regards,

Shantiketu

PS I haven't posted my email address here since I don't know what your site is & don't want more spam than I get already.

dont know what url means i cant get my bank details get as far as clicking personal account then nothing

This has intrigued me, as I only came across your blog by the slightest of chances... anyway, I found this too:

http://www.i-tcs.com/case_study/co-op.html

I echo Joan Booth's comments exactly. How do you get into your bank account details then? Everything was OK until I got broadband. Dial up although was slow still let me into my account. Now what??

I have just come across this obstacle. (PBIBS site) I don't know what phishing or a URL website are. I have yet to get to my bank

For the people having problems with the "Redirecting to PBIBS site" message and the page not loading problem:

If you are using Safari on a mac empty your cache (done through the safari menu)

If you are using a Windows the when the message comes up press the "ctrl" and "F5" keys together on your keyboard.

The problem appears to be caused by transparant caching at either the ISP or browser level.

If you don't know what phishing or an URL is, you probably shouldn't be risking banking online ......

Keep up to date on my new blog